2 * Copyright (C) 1996-2015 The Squid Software Foundation and contributors
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
9 #ifndef SQUID_SRC_SECURITY_PEEROPTIONS_H
10 #define SQUID_SRC_SECURITY_PEEROPTIONS_H
12 #include "ConfigParser.h"
14 #include "security/forward.h"
21 /// TLS squid.conf settings for a remote server peer
/// Construct with default settings: no parsed option or flag bits,
/// sslVersion 0, and transport encryption off. The SBuf path members,
/// caFiles and parsedCrl are left default-constructed.
/// clear() copy-assigns a fresh instance of this to reset an existing object.
/// NOTE(review): sslVersion is not among the members shown in this excerpt;
/// presumably declared in an elided part of the class — confirm.
PeerOptions() : parsedOptions(0), parsedFlags(0), sslVersion(0), encryptTransport(false) {}
/// User-declared copy constructor, defined out of line.
/// NOTE(review): no copy-assignment operator is declared in this excerpt, so
/// `*this = PeerOptions()` in clear() uses the implicitly generated
/// member-wise assignment; confirm that this is consistent with whatever this
/// constructor does (e.g. for parsedCrl), or declare a matching operator=
/// (rule of three).
PeerOptions(const PeerOptions &);
/// parse a TLS squid.conf option
/// The argument is the option text as read from squid.conf; how it is
/// tokenised and which keys are recognised is defined out of line.
void parse(const char *);
/// reset the configuration details to default
/// Done by copy-assigning a freshly default-constructed PeerOptions, so every
/// member returns to the value the default constructor gives it.
void clear()
{
    const PeerOptions defaults;
    *this = defaults;
}
/// generate a security client-context from these configured options
/// @param setOptions NOTE(review): presumably controls whether the parsed
///        option bits are applied to the new context — confirm in the definition
/// @return the new Security::ContextPointer; see the definition for what is
///         returned when context creation fails
Security::ContextPointer createClientContext(bool setOptions);
/// sync the context options with tls-min-version=N configuration
/// Uses tlsMinVersion (the configured version label); how the limits are
/// applied is defined out of line.
void updateTlsVersionLimits();
/// setup the CA details for the given context
/// @param ctx the context to configure (taken by non-const reference)
void updateContextCa(Security::ContextPointer &);
/// setup the CRL details for the given context
/// @param ctx the context to configure (taken by non-const reference)
void updateContextCrl(Security::ContextPointer &);
/// output squid.conf syntax with 'pfx' prefix on parameters for the stored settings
/// @param p   destination Packable the text is appended to
/// @param pfx prefix written before each parameter name
void dumpCfg(Packable *, const char *pfx) const;
// Configured (unparsed) values, as given in squid.conf.
SBuf certFile;       ///< path of file containing PEM format X509 certificate
SBuf privateKeyFile; ///< path of file containing private key in PEM format
SBuf sslOptions;     ///< library-specific options string
SBuf caDir;          ///< path of directory containing a set of trusted Certificate Authorities
SBuf crlFile;        ///< path of file containing Certificate Revoke List

SBuf sslFlags;       ///< flags defining what TLS operations Squid performs

SBuf tlsMinVersion;  ///< version label for minimum TLS version to permit

// Values derived from the strings above.
long parsedOptions;  ///< parsed value of sslOptions
long parsedFlags;    ///< parsed value of sslFlags

std::list<SBuf> caFiles;              ///< paths of files containing trusted Certificate Authority
Security::CertRevokeList parsedCrl;   ///< CRL to use when verifying the remote end certificate

// NOTE(review): this excerpt omits some lines of the class; e.g. the member
// sslVersion, which the default constructor initialises, is not shown here.

/// whether transport encryption (TLS/SSL) is to be used on connections to the peer
bool encryptTransport;
/// configuration options for DIRECT server access
/// (the global instance that the free_securePeerOptions() macro resets)
extern PeerOptions ProxyOutgoingConfig;
84 } // namespace Security
// parse the tls_outgoing_options directive
// @param opts the PeerOptions object the directive is parsed into (pointer;
//        null handling, if any, is in the definition)
void parse_securePeerOptions(Security::PeerOptions *);
// Directive helper macros for tls_outgoing_options.
// free_securePeerOptions: ignores its argument and resets the global
// Security::ProxyOutgoingConfig to defaults via clear().
#define free_securePeerOptions(x) Security::ProxyOutgoingConfig.clear()
// dump_securePeerOptions: appends the directive name `n`, the stored settings
// (dumpCfg with an empty prefix) and a newline to Packable `e`.
// NOTE: `n` is passed to appendf() as the format string, so it must be a
// trusted literal without conversion specifiers.
#define dump_securePeerOptions(e,n,x) do { (e)->appendf(n); (x).dumpCfg((e),""); (e)->append("\n",1); } while(false)
91 #endif /* SQUID_SRC_SECURITY_PEEROPTIONS_H */